10:00:40 #startmeeting containers 10:00:41 Meeting started Tue Mar 20 10:00:40 2018 UTC and is due to finish in 60 minutes. The chair is strigazi. Information about MeetBot at http://wiki.debian.org/MeetBot. 10:00:42 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 10:00:45 The meeting name has been set to 'containers' 10:00:50 #topic Roll Call 10:01:00 hi 10:01:13 hello slunkad 10:02:22 Looks like it is me and you slunkad :) 10:02:36 #link https://wiki.openstack.org/wiki/Meetings/Containers#Agenda_for_2018-03-20_1000_UTC 10:02:37 yep 10:02:44 #link https://wiki.openstack.org/wiki/Meetings/Containers#Agenda_for_2018-03-20_1000_UTC 10:02:48 #topic Announcements 10:03:13 I updated most of the blueprints in: 10:03:17 #link https://blueprints.launchpad.net/magnum 10:03:49 oh nice 10:04:02 Blueprints with no one workig on them have the targeted release, milestone and priority removed 10:05:02 I created the rocky release and its milestone and started to add bluprints. Let's try to set the list for rocky this week 10:05:15 We can target bugs too. 10:05:23 This is a good landing page. 10:05:28 yes 10:05:43 #link https://launchpad.net/magnum 10:05:58 and here you can see what is assigned to Rocky 10:06:26 #link https://launchpad.net/magnum/rocky 10:07:01 Three blueprints and 1 bug, I'll through the bugs too. 10:07:29 ok 10:07:30 #topic Blueprints/Bugs/Ideas 10:08:33 ** Rocky blueprints review 10:08:52 https://blueprints.launchpad.net/magnum/rocky 10:09:13 slunkad: do you want to add opensuse for Rocky and a bp for the works on docs? 10:09:45 strigazi: yes 10:10:10 for the docs one I don't think we need a bp though 10:10:13 ok, I'll add the driver work and add a bp for docs 10:10:46 not sure, because I did take a look at the docs and what I see is most projects have a glossary section 10:11:15 slunkad: do you have milestone in mind for opensuse? 10:12:07 strigazi: Rocky I would imagine 10:12:37 slunkad: here are the dates https://releases.openstack.org/rocky/schedule.html 10:13:49 strigazi: I would target it to m3 if that's alright 10:15:06 slunkad: it's ok 10:15:55 slunkad: https://blueprints.launchpad.net/magnum/+spec/k8s-opensuse-support done 10:16:17 thanks! 10:16:40 about docs, don't we need a bp? I imagine there will be multiple patches 10:17:25 We can have glossary, architecture, how to interact with clusters 10:17:35 yes about docs, I\'m not sure how much work is there. I have a patch which removes what I think can go into the glossary, maybe I push that first and then we can discuss on it? 10:17:47 ok 10:18:05 strigazi: ok if you have more things in mind already would make sense to put it down in a bp 10:18:25 ok, I'll right them down and assign to you? 10:18:30 will you have time? 10:19:03 strigazi: yes I should, but I would need help with some of the stuff on it I guess like the architecture 10:19:46 slunkad: of course, I can do that part or I'll help you with it 10:20:07 strigazi: cool then:) 10:20:27 #action strigazi to draft a blueprint for docs refactoring 10:20:47 Next item: 10:20:56 ** strigazi to report back on cluster upgrades 10:21:37 I started the implementation for upgrading with cluster-templates and faced to issues. 10:21:53 The most important one is labels. 10:23:01 what exactly are the issues? 10:23:11 In queens we added labels to cluster and in the driver template definition 10:23:23 yes 10:23:27 we take the labels from cluster 10:24:15 which means when trying to upgrade some values that come from labels via a cluster template change 10:24:24 those value are not changed. 10:26:19 The pupropose of letting users overwrite labels on cluster create is to give them choice on which features they want to use. eg enable dashboard etc 10:27:05 As a solutions I was thinking to have another set of fields that it is not possible to overwrite 10:27:35 but we want it to be overwritable right? 10:27:41 eg the tag of kubernetes or other tags, etcd, calico, and so on 10:28:22 So, the operator can have some public templates with two set of labels. 10:28:48 One with versions and features that he wants to offer to users 10:29:20 features that the operators wants all users to have 10:29:52 ah yes, I think we spoke about this briefly at the ptg 10:29:53 and another one, that users can enable or disable on cluster creation 10:31:02 The second type is those that can be overwritten and it's the current labels. 10:31:29 The first one can be a new field that can not be overwritten. 10:32:13 This way the operator controls what users get in their clusters. 10:32:25 Makes sense? 10:32:26 sounds good 10:32:29 good 10:32:35 I'll add it to the spec 10:33:24 ok, next 10:33:43 ** slunkad to report on "trust invalid when user is disabled" https://bugs.launchpad.net/magnum/+bug/1752433 10:33:44 Launchpad bug 1752433 in Magnum "trust invalid when user is disabled" [Undecided,New] - Assigned to Sayali Lunkad (sayalilunkad) 10:34:16 yes, so I started implementing this but I wanted to clarify some things before going further 10:35:00 as I see it now this change is mostly on the client side, that is we create new trusts and somehow push it into the cluster 10:35:39 I am wondering if this also needs some db changes because there is the trust_id and trustee field in the cluster object 10:36:09 and if you already have an idea of how we push the new trust_id to the cluster? 10:36:42 slunkad: yes, we need to change the values in the db 10:37:02 slunkad: we will pass the new values with a software deployment 10:37:28 slunkad: the new trust generation will be done by magnum 10:37:44 slunkad: in the cert-manager 10:37:52 what do you mean with a software deployment? 10:38:04 cert-manager? 10:38:34 or trust-manager? 10:39:41 this is a software deployment http://git.openstack.org/cgit/openstack/magnum/tree/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml#n582 10:39:58 yes, trust-manager sorry 10:40:27 in software deployement you can also pass values: 10:41:23 ok and do these values get automatically updated when changed? 10:41:24 slunkad: https://review.openstack.org/#/c/514960/1/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml@424 10:44:10 ok 10:44:35 You start by the conductor changes 10:44:58 updating the db and so on, and we can do the heat-template together 10:45:21 ok cool 10:45:33 aslo, check which api call will do it 10:45:45 we could use the remove-cert api 10:45:57 will do what? 10:46:23 how the user will trigger the rotation of the trust 10:46:47 ah yes 10:47:14 I saw some rotate ca stuff 10:47:49 it could be done by openstack coe certificate rotate 10:48:42 http://git.openstack.org/cgit/openstack/magnum/tree/doc/source/user/index.rst#n1912 10:49:09 yes that's what I was thinking 10:49:15 cool 10:50:09 do we already have that implemented as a osc command also? 10:50:19 yes 10:50:53 http://git.openstack.org/cgit/openstack/python-magnumclient/tree/magnumclient/osc/v1/certificates.py#n36 10:51:12 cool 10:52:33 I'm addint the action again and the one for cluster upgrades 10:52:42 ok 10:52:53 #action slunkad to report on "trust invalid when user is disabled" https://bugs.launchpad.net/magnum/+bug/1752433 10:52:55 Launchpad bug 1752433 in Magnum rocky "trust invalid when user is disabled" [High,New] - Assigned to Sayali Lunkad (sayalilunkad) 10:53:30 #action strigazi to update the spec for cluster upgrades with a new type of "immutable" labels 10:54:52 I'll merge with the actions of the previous week since Feilong is not here and I didn't push the patch for flannel. 10:55:30 Since we have 5 minutes, do you have anything else got the meeting slunkad ? 10:56:01 no, that's all, thanks! 10:56:56 Thanks slunkad, see you next week. Since you are in Europe next week it will be one hour later for us. still utc 1000 10:57:23 see https://www.timeanddate.com/worldclock/fixedtime.html?msg=Magnum+Team+Meeting&iso=20180327T10 for conversion 10:57:41 See you 10:57:42 strigazi: oh yes, thanks for that 10:57:44 bye! 10:57:47 #endmeeting